Does 4G Pose A Security Threat?

Could 4G Networks give way for more high-risk mobile security implications; Symantec is warning of such a wave of threats.

“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.

“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”

To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.

“Companies need to make sure that where traditionally it’s been a firewall with a perimeter with everything in a timeline environment,” John said. “What they need to look at is ‘what are my employees doing’, ‘what information is being shared’ and ‘how do we ensure our information is being protected no matter where it may be’, whether its mobile device, across networks or sitting in a cloud service.”

“This is a change we are going through, but 4G is going to push the need for that change even more so,” she added.

According to John, 4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.

Source…

More Citigroup Accounts Compromised Than Stated

Citigroup was apparently hit harder by a cyber-attack in May than what was originally reported; which is now 360,000 of its customers. Unfortunately, this number is double the number that Citigroup initially stated.

Citigroup is one of the biggest banks in the US and ranks number 3 overall. The breach occurred on May 10^th and was confirmed by Citigroup on June 8th^th. That said, around 360,080 North American Citigroup credit card accounts were impacted by the breach, Citigroup stated; which is around 1 per cent of their North American card customer’s base.

Read More….

Google Moves Quickly To Plug Data Leaks

Google confirmed that it’s starting to roll out a server-side patch for a security vulnerability in most Android phones that could allow hackers to access important credentials at public Wi-Fi hotspots.

“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” said a Google spokesman in an emailed statement. “This fix requires no action from users and will roll out globally over the next few days.”

Google will apparently apply the fix to its servers since it does not need to push out an over-the-air update to Android phones.

Experts applauded Google’s fast reaction.

“It’s impressive how quickly Google fixed this,” said Kevin Mahaffey, chief technology officer and a co-founder of San Francisco-based mobile security firm Lookout. “Google’s security team, especially on Android, is very, very quick to deal with issues.”

Whatever Google is implementing will shut the security hole that three German researchers publicized last week.

According to the University of Ulm researchers, who tested another researcher’s contention last February that Android phones sent authentication data in the clear, hackers could easily spoof a Wi-Fi hotspot — in a public setting such as an airport or coffee shop — then snatch information that users’ phones transmitted during synchronization.

In Android 2.3.3 and earlier, the phone’s Calendar and Contacts apps transmit information via unencrypted HTTP, then retrieve an authentication token from Google. Hackers could eavesdrop on the HTTP traffic at a public hotspot, lift authentication tokens and use them for up to two weeks to access users’ Web-based calendars, their contacts and also the Picasa photo storage and sharing service.

Read More…